Web Services and Web Technical Infrastructure

July 1, 2006 the Indiana Legislature enacted several statutes that will affect the way IU faculty and staff handle certain types of personally identifiable information. Particular emphasis in the law is given to social security numbers.

These laws provide criminal penalties and impose certain obligations to protect the following types of personal information:

• Social Security Numbers
• Credit card numbers
• Financial account numbers
• Debit card numbers
• Security codes, access codes and passwords
• Drivers license numbers
• State identification card numbers

Below are links with more information.

• What is Institutional data?
• What is sensitive data, and how is it protected by law?
• Data Protection Information and Laws
• Best Practices for Handling Electronic Institutional and Personal Information
  • Stop collecting data unnecessarily
  • Stop storing data unnecessarily

Where possible, use a person's Network-ID instead of their Student-ID or Employee-ID.

Violations

Immediately report situations where institutional or personal data may have been inadvertently released, to the University Information Policy Office.

The UIPO will:

• Assist in assessing the situation
• Discuss technical issues with the department technicians and Security staff
• Assist in identifying and notifying appropriate agencies and offices
• Assist in developing an appropriate response, in coordination with
  • School or Department senior administrator
  • University and/or campus executive administration
  • Office of the Vice President for Information Technology
  • University Information Technology Services
  • University Counsel
  • Office of Communications and Marketing
  • Indiana University Police Department
  • Appropriate Data Steward(s)
  • External law enforcement as necessary